AIDS.gov is a resource that patients across the U.S. used to learn about the disease and connect with resources for testing and treatment. AIDS is obviously still a sensitive topic for many. That's why I was so shocked to discover a Washington Post exposé on the fact that AIDS.gov didn't properly secure the identities of its users.
The site didn't use Secure Sockets Layer (SSL) encryption, a basic layer of security that almost any Web developer worth his or her salt would know about. Without SSL, anyone with some basic know-how could have figured out who was searching for AIDS testing and treatment resources.
Worse yet, anyone using the AIDS.gov mobile app would also have their location data uploaded to the site. That means that anyone using the app would be freely visible to the snoops who might want to find them.
If you haven't noticed my coverage of breaches caused entirely by laziness, then here's the message I keep repeating: Being lazy about security ruins everyone's trust. If you're going to help patients find the resources they need for a sensitive and life-threatening illness, then please at least try to keep their information secure.